The EICAR Encoder - Metasploit


This page contains detailed information about how to use the encoder/generic/eicar metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.

Table Of Contents
hide

Module Overview

Name: The EICAR Encoder
Module: encoder/generic/eicar
Source code: modules/encoders/generic/eicar.rb
Disclosure date: -
Last modification time: 2017-07-24 06:26:21 +0000
Supported architecture(s): x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r
Supported platform(s): All
Target service / protocol: -
Target network port(s): -
List of CVEs: -

This encoder merely replaces the given payload with the EICAR test string. Note, this is sure to ruin your payload. Any content-aware firewall, proxy, IDS, or IPS that follows anti-virus standards should alert and do what it would normally do when malware is transmitted across the wire.

Module Ranking and Traits

Module Ranking:

  • manual: The exploit is unstable or difficult to exploit and is basically a DoS. This ranking is also used when the module has no use unless specifically configured by the user (e.g.: exploit/windows/smb/psexec). More information about ranking can be found here.

Basic Usage

msf > use encoder/generic/eicar
msf encoder(eicar) > show targets
    ... a list of targets ...
msf encoder(eicar) > set TARGET target-id
msf encoder(eicar) > show options
    ... show and set options ...
msf encoder(eicar) > exploit

Go back to menu.

Msfconsole Usage

Here is how the encoder/generic/eicar module looks in the msfconsole:

msf6 > use encoder/generic/eicar

msf6 encoder(generic/eicar) > show info

       Name: The EICAR Encoder
     Module: encoder/generic/eicar
   Platform: All
       Arch: x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r
       Rank: Manual

Provided by:
  todb <[email protected]>

Description:
  This encoder merely replaces the given payload with the EICAR test 
  string. Note, this is sure to ruin your payload. Any content-aware 
  firewall, proxy, IDS, or IPS that follows anti-virus standards 
  should alert and do what it would normally do when malware is 
  transmitted across the wire.

Module Options

This is a complete list of options available in the encoder/generic/eicar module:

msf6 encoder(generic/eicar) > show options

Module options (encoder/generic/eicar):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Advanced Options

Here is a complete list of advanced options supported by the encoder/generic/eicar module:

msf6 encoder(generic/eicar) > show advanced

Module advanced options (encoder/generic/eicar):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   VERBOSE    false            no        Enable detailed status messages
   WORKSPACE                   no        Specify the workspace for this module

Go back to menu.

Go back to menu.

See Also

Check also the following modules related to this module:

Authors

todb

Version

This page has been produced using Metasploit Framework version 6.2.1-dev. For more modules, visit the Metasploit Module Library.

Go back to menu.